The card verifiable certificates contain the corresponding public keys to be retrieved and to be used in the following authentication process. These certificates are signed by the national competent authorities and contain an authorisation object (certificate holder authorisation) according to ISO/IEC 7816-9 in order to encode role specific authorisation to the card. This role authorisation is related to the national competent authority (e.g. to update a data field).
The corresponding public keys of the national competent authority are stored as trust anchor (root public key) in the card.